1.1 About the Company
A.O. “Clubul Sportiv SPORTER” (hereinafter — SPORTER) is a personal data controller. Office address: 28/1 Calea Orheiului str., Chișinău, Republic of Moldova.
SPORTER is committed to protecting the confidentiality of your data in accordance with applicable law. This personal data processing policy governs the collection, use, disclosure, storage and protection of your personal information and personal data.
Each time we amend the personal data processing policy, you will be informed by its publication on the website and you will have the possibility to choose at any time whether you wish to continue using our services. The new personal data processing policy shall enter into force on the date it is displayed on the Sporter.md website.
To use our Services, you must be at least 18 years old. By using the Services, completing the account creation details and/or accepting the Terms and Conditions, you warrant that you are 18 years old. SPORTER recommends that parents take an active role in supervising children’s online activity. If you believe we have collected a minor’s personal data, please contact us at: event@sporter.md.
It is very important to protect and maintain the security of any account and to immediately notify us of any unauthorized use of your account created on the platform. It is also important not to disclose your password to other persons.
The Sporter.md website may contain links to other websites. Those websites operate independently from our website and have their own notices, statements or privacy and personal data processing policies. We recommend reviewing them in order to understand how personal data may be processed in relation to those websites, as we are not responsible for the content of websites that do not belong to us or are not managed by us, nor for the use or privacy policies of those websites.
For questions or to exercise your rights, contact our support service:
Support: +(373) 22 111 072
E-mail: event@sporter.md
Address: MD-2059, Chișinău, 28/1 Calea Orheiului str.
Banking and identification details:
CLUBUL SPORTIV “SPORTER” ASOCIAȚIA OBȘTEASCĂ
IDNO / Tax ID: 1013620009909
VAT Code: 0507671
President: Dmitri Voloșin
Working hours:
Monday–Friday: 10:30–18:30
Lunch break: 12:00–13:00 / 13:00–14:00
Saturday–Sunday: closed
Personal data is processed in accordance with national legislation and international standards, including:
Regulation (EU) 2016/679 — GDPR;
The Constitution of the Republic of Moldova;
The Law on Personal Data Protection of the Republic of Moldova;
Other relevant normative acts.
We assume responsibility for complying with these rules and guarantee the lawfulness of the processing of your personal data.
The main purpose of the Policy is to ensure the availability, integrity and confidentiality of all processed information, including personal data, regardless of whether it is handled manually or automatically.
Data security is an essential part of our activity. We protect information, IT systems and processes against:
accidental risks (human error, technical failures, natural factors);
intentional actions (cyberattacks, fraud, etc.);
other situations that may cause harm to users or breaches of law.
Through the sales form, the platform collects the following personal data: first and last name, e-mail, phone, country of origin.
Other data: recording of support calls (with your consent). Platform usage data (cookies and similar technologies).
Data category — Mandatory/Optional — Main purpose
First name, last name — Mandatory — Ticket issuance, verification
Email — Mandatory — Communication, authentication
Phone — Mandatory — Confirmation, SMS notifications
Country — Mandatory — Statistical analysis
Cookies — Optional — Browsing experience personalization, traffic analysis, preferences
Call recordings — Optional — Proper functioning of the provided services
We collect information about you in three ways:
Directly — when you register on sporter.md; when you purchase tickets for events listed on the website, either online or through our contractual partners; when you contact us and request a reply or otherwise interact with us directly. Therefore, it is very important to note that if other persons use your computer/mobile device, you should log out at the end of the browsing session. Otherwise, any person with access to your device will automatically have access to all information you provided or we provided (e.g., tickets saved in your account).
Automatically — when you use sporter.md services online, we collect information via cookies and by logging your activity. We mainly collect information about your equipment and connection, such as page view statistics, traffic to and from websites, and transaction history. For more information about cookies, please consult the information on the website. In addition, if you previously provided personal data, we may automatically associate that information with other information we collect from your user account whenever you log in, so that we can identify you across multiple devices and browsers and provide the same browsing experience regardless of the environment you use.
From third parties — we may also obtain information about you from third parties that operate data through cookies, such as: our contractual partners operating physical ticket sales points, advertising networks, social networks, market research companies, etc. Please note that you may request deletion of your account created on the sporter.md platform at any time by sending an e-mail to: event@sporter.md. Once you request this, you will no longer be able to access your personal account or the information saved on its basis (e.g., information related to tickets already purchased for past or upcoming events).
We collect and process users’ personal data only for strictly necessary purposes, including:
to provide the Services and products you requested, including, without limitation, issuing and delivering electronic tickets;
sending by e-mail and SMS useful information about the current event and future events, as well as other notifications; by providing contact data, the user expresses consent to receive such messages;
managing user sessions and preferences on the platform (cookies and similar technologies);
creating a user account on event@sporter.md;
measuring traffic and personalizing the Services we offer you; personalizing the advertising we display; responding to your requests and comments; preventing and resolving disputes; informing you about postponements, rescheduling, cancellations or changes to events for which you purchased a ticket; paying amounts owed to you by us or event organizers, where applicable; enabling participation in interactive activities (e.g., contests); providing technical support related to the Services;
communicating administrative announcements and messages; sending newsletters and information about products, Services and promotions related to us or other companies/organizations we work with;
collecting payments from you and issuing invoices, where applicable; delivering the ticket (via SMS/e-mail);
displaying your name on event access scanners when your ticket is scanned;
enabling you to share information on social media;
preventing, detecting, combating and investigating fraud, security breaches or other potentially prohibited or illegal activities; enforcing the Terms and Conditions of website use.
Accordingly, the processing is necessary for the performance of a contract to which you are a party, and/or for compliance with a legal obligation incumbent on the controller, and/or for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.
You have the right to withdraw consent at any time. We process your personal data only for the purposes we have communicated. If we use them for other purposes, they will be used only after informing you or obtaining your consent, as applicable. The data provided is not public and cannot be viewed by other users of the website.
We use a user’s personal data only when we have a legal basis. For each category of processing, we rely on one of the following GDPR legal bases:
Performance of a contract (Art. 6(1)(b)): ticket issuance and operational communications;
Consent (Art. 6(1)(a)): marketing and newsletters;
Legitimate interest (Art. 6(1)(f)): preventing and detecting fraud in financial transactions, service abuse or identity theft; ensuring network, IT system and data security and preventing cyberattacks and other security incidents; communicating with customers, responding to requests, providing technical assistance and handling complaints; sending advertising or promotional materials to customers provided that data subjects can effectively object to such processing; analyzing and improving existing products or services or developing new products or services.
Purpose limitation
Personal data will be processed only for the purposes mentioned above and will not be used for other purposes incompatible with them.
From time to time we may update this Policy. Any changes will be published on this page. We may additionally inform you by e-mail or directly on the platform. If you do not agree with the new terms, please stop using Sporter services.
1.6 User rightsIn certain situations you have legal rights related to personal data protection. To exercise them, please write using the contact details mentioned above.
Right to be informed: you have the right to know what personal data we process about you. Data subjects have the right to be informed about the processing of their personal data. Through this policy, users are informed about the identity and contact details of the controller, the purposes and legal basis of processing, categories of recipients, transfers to third countries or international organizations, storage period, as well as their rights.
Right of access: users have the right to obtain confirmation from us as to whether or not personal data concerning them is being processed and, where that is the case, access to the personal data and the related information. Upon request, we may provide a copy of the personal data undergoing processing. For any further copies requested, we may charge a reasonable fee based on administrative costs. Information will be provided in a commonly used electronic format. We reserve the right not to respond to manifestly unfounded, excessive or repetitive requests.
Right to rectification: if your personal data is inaccurate or incomplete, you have the right to update it or request that we update it. The user may request rectification of inaccurate personal data and completion of incomplete personal data, including by providing a supplementary statement.
Right to object: you have the right to object to the processing of your personal data whenever the processing is carried out on the basis of the legitimate interest pursued by our company. The user has the right to object at any time, on compelling legitimate grounds relating to their particular situation, to processing based on the controller’s legitimate interest, including profiling. Where the objection is justified, processing shall no longer concern the data in question.
Right to erasure (“right to be forgotten”): the user may request erasure where one of the following applies: the data is no longer necessary for the purposes; the user withdraws consent and there is no other legal basis; the user objects to processing based on legitimate interest; the data has been unlawfully processed; the data must be erased for compliance with a legal obligation. Under the law, the obligation to erase does not apply to the extent processing is necessary: for freedom of expression and information; for compliance with a legal obligation or performance of a task carried out in the public interest; for reasons of public interest in public health; for archiving in the public interest, scientific or historical research or statistical purposes; or for the establishment, exercise or defense of legal claims.
Right to restriction of processing: the user has the right to obtain restriction where: accuracy is contested (for a period enabling verification); processing is unlawful and the user opposes erasure, requesting restriction instead; we no longer need the data but the user requires it for legal claims; the user objected pending verification of whether the controller’s legitimate grounds override those of the data subject. Erasure or restriction may result in inability to use the Services.
Right to data portability: the user has the right to receive personal data provided to the controller in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance, where processing is based on consent or a contract and is carried out by automated means. The user also has the right to have the data transmitted directly between controllers where technically feasible. If you exercise this right, you will receive the requested data by e-mail.
Right not to be subject to automated individual decision-making: users have the right to request and obtain withdrawal/cancellation/reassessment of any decision producing legal effects concerning them, based solely on automated processing intended to evaluate aspects of personality such as professional competence, reliability, behavior, etc.
Right to lodge a complaint with a competent supervisory authority: users have the right to lodge a complaint regarding processing of personal data. Without affecting this right, we ask users to contact us first and we promise to make every effort to resolve any issue amicably.
Right to judicial remedy: without prejudice to the right to lodge a complaint with the supervisory authority, users have the right to bring proceedings before the courts for protection of any rights guaranteed by law that have been infringed. If the user has suffered damage due to unlawful processing, they may apply to the competent court for compensation. For any request regarding use of your personal data, you may contact us at the e-mail address specified in this Privacy Policy. We encourage you to ensure the personal data you provide is complete and accurate. Our team will make all necessary efforts to resolve requests as quickly as possible. We may, however, refuse requests in certain cases where they are unfounded, within applicable law.
Fee for exercising rights
As a rule, access to your personal data and exercising other rights are free of charge. However, if your request is unfounded, repetitive or excessive, we may charge a reasonable fee or refuse to process it.
Response time
We undertake to respond to all requests within a maximum of 30 calendar days. For complex requests, this period may be extended by an additional 60 days, but we will inform you in writing about the extension within the first 30 days.
Complaints and support
You may lodge a complaint at any time with the data protection authority (contact details are in section 1.14). However, we encourage you to contact us first — our Customer Support team is ready to help and resolve the situation.
We may contact you by e-mail and/or SMS to provide useful information about the purchased event and future events. You can unsubscribe at any time from marketing messages using the unsubscribe link in the e-mail (each marketing e-mail contains an opt-out link that works immediately) or by contacting Customer Support. You will receive marketing messages only if you provided explicit consent by ticking the relevant checkbox when purchasing tickets.
1.8 To whom do we disclose your data?Your personal data may be transferred to the following parties only for the purposes mentioned in section 1.4:
Sporter affiliated companies: for improving products, customer support and fraud prevention. Transfers are carried out securely and governed by agreements and security measures (see section 1.11).
Third-party service providers: help us provide services and may be located in Moldova or abroad. For payment processing, we transfer your data to commercial banks and payment operators, in accordance with the law. For technical services — hosting providers, e-mail marketing services. Event organizers — for ticket validation and performance of contracts signed by the commercial agency. Providers are obliged to protect your data and use it only according to our instructions.
Authorities and law enforcement: we may disclose your data upon request of authorities in accordance with the law. In the event of a sale, merger or transfer of business, new owners may use your data under the same conditions set out in this Policy.
When we transfer personal data to countries outside the European Union, we ensure the level of protection remains the same by applying one of the following measures:
personal data is transferred only to countries whose protection has been recognized as adequate by the European Commission;
Details: European Commission: Adequacy of protection. (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en)
when working with service providers, we use Standard Contractual Clauses approved by the European Commission, ensuring protection under EU rules;
Details: European Commission: Model contracts (https://commission.europa.eu/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en)
when working with providers outside the EU, we ensure SCCs or other EU-approved mechanisms are in place that guarantee personal data protection.
Data is stored and processed on secure servers to ensure stable website operation. We retain personal data only as long as necessary to achieve the purposes for which it was collected and to comply with legal and accounting record-keeping requirements. Retention depends on the volume, nature and sensitivity of data; potential risks of unauthorized access; purposes; and whether those purposes can be achieved by other lawful means.
Examples of retention periods:
Billing data: under the Accounting and Financial Reporting Law, we are required to keep accounting documents (primary documents, registers, financial statements and other related documents). Accounting documents are systematized and stored according to rules and deadlines established by the state authority supervising and administering the Archival Fund of the Republic of Moldova.
Transaction history: 1 year after the event;
Marketing data: until unsubscribe or 1 year of inactivity;
Cookies: see our separate Cookies Policy.
All information is stored on secure servers and we apply technical and organizational measures to protect it reliably. We periodically assess the network security level and compliance with our internal information security program, aimed to:
protect data against accidental or unlawful loss, unauthorized access and disclosure;
identify potential risks to network security;
reduce risks through regular assessments and testing.
All your payment data is additionally encrypted using SSL technology. However, please note that transmitting information over the Internet or other open networks cannot be guaranteed to be completely secure and there is always a risk of unauthorized access.
1.12 Principles of personal data processingProcessing of your personal data is carried out based on the following principles:
lawfulness and fairness of processing purposes and methods;
processing in accordance with declared and established purposes;
proportionality between the volume/nature of data and processing purposes;
accuracy, timeliness and data minimization;
lawfulness of organizational and technical protection measures;
continuous improvement of the personal data protection system.
In the event of a personal data security breach, we will:
notify CNPDCP within 72 hours;
inform affected persons if there is a high risk to their rights and freedoms;
take immediate remedial and preventive measures.
For questions regarding personal data protection, you may contact the National Center for Personal Data Protection:
Address: Republic of Moldova, Chișinău, 48 Serghei Lazo str., MD-2004
Website: http://www.datepersonale.md/